872 matches found
SQL injection
SQL injection vulnerability in topics.php in Dynamic Bulletin Board System DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter...
SQL injection
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action...
CVE-2006-1481
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frmsearchin parameter...
SQL injection
SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter...
CVE-2006-1232
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php...
SQL injection
DISPUTED: Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests...
SQL injection
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp...
SQL injection
Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter...
CVE-2006-0651
CVE-2006-0651 describes a SQL injection vulnerability in the vwdev application, where the UID parameter in index.php allows remote attackers to execute arbitrary SQL commands. The issue is rooted in improper input handling in the affected page, enabling an attacker with network access (no authent...
CVE-2006-0581
CVE-2006-0581 refers to a SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8. The issue allows remote authenticated users to execute arbitrary SQL commands via the GatewayID parameter in AddGatewaySettings.asp and the IP parameter in IPManager.asp. The available sources confirm the ...
CVE-2006-0462
CVE-2006-0462 describes a SQL injection vulnerability in comentarios.php of AndoNET Blog version from 2004-09-02. The flaw allows remote attackers to execute arbitrary SQL commands through the entrada parameter, enabling potentially unauthorized data access or modification. The CVSS base score is...
Oracle PL/SQL Gateway fails to properly validate HTTP requests
Overview: The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description: Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...
CVE-2005-4668
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.208, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845...
SQL injection
SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter...
CVE-2005-4547
Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields...
CVE-2005-4353
The CVE-2005-4353 entry describes an SQL injection in toendaCMS 0.6.2.1 when configured to use a SQL database. The vulnerability occurs in index.php and allows remote attackers to alter or extract data by injecting arbitrary SQL through the id parameter. Affected product: toendaCMS 0.6.2.1 (SQL-e...
CVE-2005-4329
SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter...
CVE-2005-4155
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treat...